SSL check results of mxtls.expurgate.net

NEW You can also bulk check multiple servers.

Discover if the mail servers for mxtls.expurgate.net can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

Report created Fri, 07 Sep 2018 19:40:49 +0000

The mailservers of mxtls.expurgate.net can be reached through an encrypted connection.

However, we found problems that may affect the security.

Servers

Incoming Mails

These servers are responsible for incoming mails to @mxtls.expurgate.net addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mxtls.expurgate.net
194.145.224.125
-
supported
mxtls.expurgate.net
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
supported
  • ECDHE_RSA_WITH_RC4_128_SHA
  • SSL_RSA_WITH_RC4_128_SHA
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
14 s
mxtls.expurgate.net
195.190.135.120
-
supported
mxtls.expurgate.net
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
supported
  • ECDHE_RSA_WITH_RC4_128_SHA
  • SSL_RSA_WITH_RC4_128_SHA
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
13 s
mxtls.expurgate.net
195.190.135.121
-
supported
mxtls.expurgate.net
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
supported
  • ECDHE_RSA_WITH_RC4_128_SHA
  • SSL_RSA_WITH_RC4_128_SHA
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
13 s
mxtls.expurgate.net
195.190.135.122
-
supported
mxtls.expurgate.net
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
supported
  • ECDHE_RSA_WITH_RC4_128_SHA
  • SSL_RSA_WITH_RC4_128_SHA
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
13 s
mxtls.expurgate.net
195.190.135.123
-
supported
mxtls.expurgate.net
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
supported
  • ECDHE_RSA_WITH_RC4_128_SHA
  • SSL_RSA_WITH_RC4_128_SHA
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
14 s
mxtls.expurgate.net
195.190.135.124
-
supported
mxtls.expurgate.net
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
supported
  • ECDHE_RSA_WITH_RC4_128_SHA
  • SSL_RSA_WITH_RC4_128_SHA
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
13 s
mxtls.expurgate.net
195.190.135.125
-
supported
mxtls.expurgate.net
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
supported
  • ECDHE_RSA_WITH_RC4_128_SHA
  • SSL_RSA_WITH_RC4_128_SHA
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
13 s
mxtls.expurgate.net
194.145.224.120
-
supported
mxtls.expurgate.net
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
supported
  • ECDHE_RSA_WITH_RC4_128_SHA
  • SSL_RSA_WITH_RC4_128_SHA
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
14 s
mxtls.expurgate.net
194.145.224.121
-
supported
mxtls.expurgate.net
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
supported
  • ECDHE_RSA_WITH_RC4_128_SHA
  • SSL_RSA_WITH_RC4_128_SHA
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
14 s
mxtls.expurgate.net
194.145.224.122
-
supported
mxtls.expurgate.net
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
supported
  • ECDHE_RSA_WITH_RC4_128_SHA
  • SSL_RSA_WITH_RC4_128_SHA
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
14 s
mxtls.expurgate.net
194.145.224.123
-
supported
mxtls.expurgate.net
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
supported
  • ECDHE_RSA_WITH_RC4_128_SHA
  • SSL_RSA_WITH_RC4_128_SHA
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
14 s
mxtls.expurgate.net
194.145.224.124
-
supported
mxtls.expurgate.net
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
supported
  • ECDHE_RSA_WITH_RC4_128_SHA
  • SSL_RSA_WITH_RC4_128_SHA
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
14 s

Outgoing Mails

We have not received any emails from a @mxtls.expurgate.net address so far. Test mail delivery

Certificates

First seen at:

CN=mxtls.expurgate.net,O=CYREN GmbH,L=Berlin,ST=Berlin,C=DE

Certificate chain
Subject
Country (C)
  • DE
State (ST)
  • Berlin
Locality (L)
  • Berlin
Organization (O)
  • CYREN GmbH
Common Name (CN)
  • mxtls.expurgate.net
Alternative Names
  • mxtls.expurgate.org
  • mxtls.expurgate.eu
  • mxa.expurgate.de
  • mxb.expurgate.de
  • mxtls.expurgate.de
  • mxa.expurgate.net
  • mxb.expurgate.net
  • mxtls.expurgate.net
Issuer
Country (C)
  • US
Organization (O)
  • GeoTrust Inc.
Common Name (CN)
  • GeoTrust SSL CA - G3
validity period
Not valid before
2017-05-31
Not valid after
2019-05-31
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
11:DC:AE:1D:DC:EB:23:6C:9D:D1:1D:6C:81:37:1A:2F:68:35:DE:A7:1C:B1:DF:F1:F1:F5:67:3E:FC:E9:9B:9A
SHA1
F2:3D:1F:1C:9E:1E:BD:65:C9:1C:A2:80:5F:AF:01:C4:C0:BC:14:48
X509v3 extensions
crlDistributionPoints
  • Full Name:
  • URI:http://gn.symcb.com/gn.crl
certificatePolicies
  • Policy: 2.23.140.1.2.2
  • CPS: https://www.geotrust.com/resources/repository/legal
  • User Notice:
  • Explicit Text: https://www.geotrust.com/resources/repository/legal
authorityKeyIdentifier
  • keyid:D2:6F:F7:96:F4:85:3F:72:3C:30:7D:23:DA:85:78:9B:A3:7C:5A:7C
authorityInfoAccess
  • OCSP - URI:http://gn.symcd.com
  • CA Issuers - URI:http://gn.symcb.com/gn.crt
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : DD:EB:1D:2B:7A:0D:4F:A6:20:8B:81:AD:81:68:70:7E:
  • 2E:8E:9D:01:D5:5C:88:8D:3D:11:C4:CD:B6:EC:BE:CC
  • Timestamp : May 31 12:00:06.155 2017 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:02:E2:0B:94:30:78:AC:80:1D:0D:5B:BA:
  • 19:52:5A:E3:01:E4:BA:85:28:00:4E:CC:DC:EA:F9:41:
  • 16:5F:F5:7B:02:20:3A:49:C3:E8:06:CC:25:ED:2D:91:
  • EB:53:2A:99:3E:44:2D:DC:B9:6A:B8:DD:B7:03:A7:26:
  • 83:FD:1F:09:DC:B0
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : A4:B9:09:90:B4:18:58:14:87:BB:13:A2:CC:67:70:0A:
  • 3C:35:98:04:F9:1B:DF:B8:E3:77:CD:0E:C8:0D:DC:10
  • Timestamp : May 31 12:00:06.210 2017 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:04:3D:D1:49:91:61:6C:1D:DF:76:70:2D:
  • B1:4B:18:2A:6D:B9:70:3B:26:90:4D:D4:A3:6B:03:1A:
  • 3F:69:8B:28:02:20:64:2F:49:08:F3:43:78:20:EB:B4:
  • 81:AB:1D:BB:31:E2:B7:4C:D2:E9:FE:B0:FC:E0:B8:1A:
  • E5:DB:68:11:B7:64
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : EE:4B:BD:B7:75:CE:60:BA:E1:42:69:1F:AB:E1:9E:66:
  • A3:0F:7E:5F:B0:72:D8:83:00:C4:7B:89:7A:A8:FD:CB
  • Timestamp : May 31 12:00:06.666 2017 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:C7:C1:D9:3B:17:18:BC:8D:CF:1A:EE:
  • 76:E6:AB:CB:42:AC:43:9A:AB:81:DC:56:E7:0E:CE:79:
  • DE:80:0F:D8:7B:02:21:00:D1:06:72:E3:A7:76:44:5C:
  • 89:C1:BE:51:0D:27:EF:2C:BD:A8:FD:0C:B3:7C:AF:3B:
  • 2B:6D:CA:25:0C:41:37:80